June 2016 - Pki-devel - Dogtag Pki List Archives

Invalid instance exception fix.

by Amol Kahat

Hi, Please review this patch. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1348433 Thanks Amol K.

7 years, 9 months

2
1
0 / 0

Fixes pki-server subsystem --help options.

by Amol Kahat

Hi, Please review this patch. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1340718 Thanks Amol K.

7 years, 9 months

2
1
0 / 0

[PATCH] 779 Fixed problem reading HSM password from password file.

by Endi Sukma Dewata

A new method get_token_password() has been added into PKIInstance Python class in order to read the token password correctly from password.conf. If the token is an internal token, it will read the 'internal' password. If it is an HSM it will read the password for 'hardware-<token>'. The codes that call the get_password() to get token password have been modified to use get_token_password() instead. https://fedorahosted.org/pki/ticket/2384 -- Endi S. Dewata

7 years, 9 months

2
2
0 / 0

[PATCH] Normalize default softokn name

by Matthew Harmsen

Please review the attached patch which addresses the following ticket: * PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" <https://fedorahosted.org/pki/ticket/2311> A brief smoke test of this patch worked successfully.

7 years, 10 months

1
0
0 / 0

[PATCH] Added --token-password in pki-server instance-externalcert-add / del command.

by Amol Kahat

Hi, Please review this patch. Fixes : https://bugzilla.redhat.com/show_bug.cgi?id=1348531 Thanks Amol K

7 years, 10 months

1
0
0 / 0

Updated External EPEL CentOS 7 COPR builds are now available . . .

by Matthew Harmsen

An updated external EPEL CentOS 7 COPR repo is now available which contains Dogtag 10.3.3 builds: * https://copr.fedorainfracloud.org/coprs/g/pki/10.3.3/repo/epel-7/group_pk... [group_pki-10.3.3] name=Copr repo for 10.3.3 owned by @pki baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/epel-... skip_if_unavailable=True gpgcheck=1 gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/pubkey... enabled=1 enabled_metadata=1 -- Matt

7 years, 10 months

1
0
0 / 0

Karma Request for Dogtag 10.3.3 on Fedora 24

by Matthew Harmsen

The following candidate builds of Dogtag 10.3.3 for Fedora 24 consist of the following: * dogtag-pki-10.3.3-1.fc24 <http://koji.fedoraproject.org/koji/buildinfo?buildID=774259> * dogtag-pki-theme-10.3.3-1.fc24 <http://koji.fedoraproject.org/koji/buildinfo?buildID=774261> * pki-core-10.3.3-1.fc24 <http://koji.fedoraproject.org/koji/buildinfo?buildID=774264> * pki-console-10.3.3-1.fc24 <http://koji.fedoraproject.org/koji/buildinfo?buildID=774282> Please provide Karma for these builds in Bodhi located at: * https://bodhi.fedoraproject.org/updates/FEDORA-2016-f79d05d2c4 dogtag-pki-10.3.3-1.fc24 <https://bodhi.fedoraproject.org/updates/FEDORA-2016-f79d05d2c4> * https://bodhi.fedoraproject.org/updates/FEDORA-2016-a4e6c2b81f dogtag-pki-theme-10.3.3-1.fc24 <https://bodhi.fedoraproject.org/updates/FEDORA-2016-a4e6c2b81f> * https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc6bc7b4dc pki-core-10.3.3-1.fc24 <https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc6bc7b4dc> * https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c3e450b6b pki-console-10.3.3-1.fc24 <https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c3e450b6b> Additionally, the following builds have been provided for Fedora 25 (rawhide): * dogtag-pki-10.3.3-1.fc25 <http://koji.fedoraproject.org/koji/buildinfo?buildID=774260> * dogtag-pki-theme-10.3.3-1.fc25 <http://koji.fedoraproject.org/koji/buildinfo?buildID=774262> Unfortunately, Dogtag 10.3.3 is currently broken on Fedora 24 (rawhide) due to the following issue: * PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core <https://fedorahosted.org/pki/ticket/2373> which prohibits building: * pki-core-10.3.3-1.fc25 * pki-console-10.3.3-1.fc25 (which depends on pki-java-base-10.3.3-1.fc25 that is a part of the pki-core-10.3.3-1.fc25 package) Thanks, -- Matt

7 years, 10 months

1
0
0 / 0

[DESIGN] Lightweight CA renewal

by Fraser Tweedale

Hullo all, FreeIPA Lightweight CAs implementation is progressing well. The remaining big unknown in the design is how to do renewal. I have put my ideas into the design page[1] and would appreciate any and all feedback! [1] http://www.freeipa.org/page/V4/Sub-CAs#Renewal Some brief commentary on the options: I intend to implement approach (1) as a baseline. Apart from implementing machinery in Dogtag to actually perform the renewal - which is required for all the approaches - it's not much work and gets us over the "lightweight CAs can be renewed easily" line, even if it is a manual process. For automatic renewal, I am leaning towards approach (2). Dogtag owns the lightweight CAs so I think it makes sense to give Dogtag the ability to renew them automatically (if configured to do so), without relying on external tools i.e. Certmonger. But as you will see from the outlines, each approach has its upside and downside. Cheers, Fraser

7 years, 10 months

3
8
0 / 0

[PATCH] pki-cfu-0140-Ticket-2346-support-SHA384withRSA.patch

by Christina Fu

This patch adds support for SHA384withRSA signing algorithm. It addresses ticket: https://fedorahosted.org/pki/ticket/2346 java.security.NoSuchAlgorithmException: no such algorithm: OID.1.2.840.113549.1.1.12 for provider Mozilla-JSS when signing a CSR using SHA384withRSA Tested to work with 1. the CSR provided by bug reporter in ticket against caServerCert enrollment profile 2. few selected profiles sample result: Signature Algorithm: SHA384withRSA - 1.2.840.113549.1.1.12 thanks, Christina

7 years, 10 months

2
3
0 / 0

[PATCH] pki-cfu-0139-Ticket-2298-Part3-trim-down-debug-log-in-non-TMS-crm.patch

by Christina Fu

This is the last patch for ttps://fedorahosted.org/pki/ticket/2298 [non-TMS] for key archival/recovery, not to record certain data in ldap and logs It mainly trims down the debug log and rids off CRMF requests. it also gets rid of some excessive debugging in exercised areas. In the last patch, CS.cfg is introduced a new profile, which accidentally got copied in a hard coded path, which is fixed too. thanks, Christina

7 years, 10 months

2
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel June 2016